lhwidget wrote

I'm a PLC programmer and I'm afraid I might be out of my depth here.  PLCs generate too much traffic and need to be kept seperate from a comapny network.  However I need access to the PLC from the campany network for monitoring and programming reasons.  I thought a 1 to 1 NAT using static numbers would work, but I can't get it to communicate both ways.  Here my test set-up:

 

Laptop                          -->        WAN port of TL-R600                 -->           LAN port of TL-R600            -->        Computer (Spud6)

static IP of 10.10.10.1               static address, 10.10.10.38                        static address, 192.168.1.31            static address, 192.168.1.107

subnet 225.255.255.0               subnet mask 255.255.255.0                       subnet 225.255.255.0                      subnet mask 255.255.255.0

 

There is one entry in the 1 to 1 NAT in the table:

ID	Name	Interface	Original IP	Translated IP	DMZ Forwarding	Description	Status

1

Spud6

WAN1

197.168.1.107

10.10.10.2

Enabled

Spud6

Enabled

 

From 192.168.1.107, I can ping 192.168.1.31,   10.10.10.38,   and   10.10.10.1

 

10.10.10.1 cannot ping any address on either side of the router.

 

Have I missed something simple, or am I trying to do this the wrong way?

Hi lhwidget

You cannot ping from WAN to LAN directly because NAT. You need to set up virtual server or DMZ for accessing the devices in LAN.

For virtual server, you need to designate the TCP/UDP port you need to use. For DMZ, it means to open all ports for the devices in LAN. 

Yeah, you can't ping on the other side of NAT. That is why you use one-to-one NAT. You should be able to fully control your 192.168.1.107 by using 10.10.10.2 instead.

Andone wrote

lhwidget wrote

I'm a PLC programmer and I'm afraid I might be out of my depth here.  PLCs generate too much traffic and need to be kept seperate from a comapny network.  However I need access to the PLC from the campany network for monitoring and programming reasons.  I thought a 1 to 1 NAT using static numbers would work, but I can't get it to communicate both ways.  Here my test set-up:

 

Laptop                          -->        WAN port of TL-R600                 -->           LAN port of TL-R600            -->        Computer (Spud6)

static IP of 10.10.10.1               static address, 10.10.10.38                        static address, 192.168.1.31            static address, 192.168.1.107

subnet 225.255.255.0               subnet mask 255.255.255.0                       subnet 225.255.255.0                      subnet mask 255.255.255.0

 

There is one entry in the 1 to 1 NAT in the table:

ID	Name	Interface	Original IP	Translated IP	DMZ Forwarding	Description	Status

1

Spud6

WAN1

197.168.1.107

10.10.10.2

Enabled

Spud6

Enabled

 

From 192.168.1.107, I can ping 192.168.1.31,   10.10.10.38,   and   10.10.10.1

 

10.10.10.1 cannot ping any address on either side of the router.

 

Have I missed something simple, or am I trying to do this the wrong way?

 

Hi lhwidget

 

You cannot ping from WAN to LAN directly because NAT. You need to set up virtual server or DMZ for accessing the devices in LAN.

For virtual server, you need to designate the TCP/UDP port you need to use. For DMZ, it means to open all ports for the devices in LAN. 

Thanks so much.  Two more questions:

1) I'm not sure I understand how to apply your DMZ advice., how do I open all ports to the devices in the LAN?

2) Is there any way to enable IP Directed Broadcasts to the clients on the 192 side?

Mitya wrote

Yeah, you can't ping on the other side of NAT. That is why you use one-to-one NAT. You should be able to fully control your 192.168.1.107 by using 10.10.10.2 instead.

Thank you for confirming.  I thought that was the case.  I'm trying on the PLC equipment now.

For opening all ports to your devices, in NAT-DMZ, set the IP address of your devices in LAN, choose the WAN interface that you need to access. 

I think that router hasn't the function of IP Directed Broadcasts to the clients on the 192 side.

Thank you for the help, very much appreciated. 

Do you know if any of the other routers offers the directed broadcast option?

Sorry that have not idea.